Firefox update available now

The release patches a previously undisclosed hole. Users are encouraged to download the update, which repairs a buffer overflow vulnerability in a Firefox feature for processing GIF (Graphics Interchange Format) image files. The patch is the second security patch issued in less than a month, but the foundation reassured users that the browser’s open source platform is secure, and said it does not know of any active exploits for the hole.

The GIF processing hole was discovered by Internet Security Systems (ISS) and makes Firefox users who are running earlier versions of the browser vulnerable to buffer overflow attack, according to a statement released by the Mozilla Foundation.

ISS discovered the hole in a review of the Firefox source code, which is available on the Internet.

In a statement attributed to Chris Hofmann, the foundation’s director of engineering, the discovery of the hole and release of a patch shortly after are evidence that the open source software model is safer and more secure than closed-source commercial code, because it is “scoured by thousands” of contributors, developers and professionals, and “not just the company’s development team.”

In February, the Mozilla Foundation released Firefox 1.0.1 to fix 17 security vulnerabilities in Firefox. Over 27 million copies of Firefox have been downloaded, pushing Internet Explorer (IE) share of the browser market below 90 per cent for the first time in years.

Firefox installations were 5.7 per cent of the US browser market as of February 18. IE controlled 89.9 per cent, according to statistics released by WebSideStory.

However, Hofmann denied that Firefox is becoming a more attractive candidate for hackers as it gains market share.

“There is this idea that market share alone will make you have more vulnerabilities. It is not relational at all. Not being in the operating system and not supporting Microsoft’s proprietary Active X are phenomenal advantages to us,” he said in a statement.